General

  • Target

    7b70469bba9d761d9b90c49c596575d6.bin

  • Size

    421B

  • Sample

    231007-b882yagg5w

  • MD5

    2724334c6a53f2c236c14b2d248b56fa

  • SHA1

    a6796935ad6f476f21776e1bc073b6334ab3340b

  • SHA256

    f53a5dc044ad8b769397a3f6a36747cb5a66548e13ed4a7ea313337545c3c3aa

  • SHA512

    664b09650d55fb67f38aa69eed47fea0e02a6f226e4d94fdf8d5982217ab0b06b06e5dc73832a0d348b51e8e8c605abb51bd773a879f9a3d503eec6483393493

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper  http://communicalink.com/putty.exe

Extracted

  • Family

    gozi

Extracted

  • Family

    gozi

  • Botnet

    5050

  • C2

    mifrutty.com

Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Target

      63b506c0917d35cbf539bad3ad26d82ea3edbe50ba3f09f6e39a03c969fa8cfd.ps1

    • Size

      172B

    • MD5

      7b70469bba9d761d9b90c49c596575d6

    • SHA1

      ca89ca05ee36b580f713b1e17bb4694506069622

    • SHA256

      63b506c0917d35cbf539bad3ad26d82ea3edbe50ba3f09f6e39a03c969fa8cfd

    • SHA512

      855656cadc203011b9ee0d66309c399e9641461682fe7cd930de076964aea976aba20919e2cea34f0b5ce8400dffd0fa44564ddd94b0746e0c6e0d74de682984

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE
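The chain above (a PowerShell dropper fetching the Gozi loader, which then talks to the configured C2) can be hunted for in web-proxy logs with the indicators this report extracted. The script below is an added example, not part of the sandbox report or of any Gozi tooling. The dropper URL, C2 domain, base_path and extension are taken from the report; the log line format and the log lines themselves are constructed for illustration, and the assumption that beacons look like http://<C2>/<base_path>/<opaque>.<extension> reflects how these config fields are normally used but is not something the report itself states.

```python
"""Sweep constructed proxy log lines for the IOCs extracted in this report.

Added example; not the sandbox's code. IOC values come from the report,
everything else (log format, sample lines, beacon URI shape) is assumed.
"""
import re
from urllib.parse import urlparse

# Indicators from the report's extracted config.
DROPPER_URL = "http://communicalink.com/putty.exe"   # exe.dropper stage
C2_DOMAIN = "mifrutty.com"                           # Gozi C2
BASE_PATH = "/jerry/"                                # Gozi base_path
EXTENSION = ".bob"                                   # Gozi extension

# Constructed log lines: "<ts> <client_ip> <method> <url> <status> <bytes>".
SAMPLE_LOG = """\
2023-10-07T08:12:01Z 10.1.2.34 GET http://communicalink.com/putty.exe 200 221184
2023-10-07T08:12:03Z 10.1.2.34 GET http://mifrutty.com/jerry/ZGF0YQ/abc123.bob 200 512
2023-10-07T08:12:05Z 10.1.2.34 POST http://mifrutty.com/jerry/upload.bob 200 1024
2023-10-07T08:13:00Z 10.1.2.77 GET http://example.com/index.html 200 4096
2023-10-07T08:13:10Z 10.1.2.77 GET http://putty.org/putty.exe 200 221184
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+)$")


def classify(url):
    """Label a URL that matches this report's IOCs, or return None."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if url == DROPPER_URL:
        # Stage 1: the ps1 dropper pulls the Gozi loader; a legitimate
        # putty.exe from another host does not match.
        return "gozi_dropper_download"
    if host == C2_DOMAIN or host.endswith("." + C2_DOMAIN):
        # Assumed beacon shape: base_path prefix and configured extension.
        if parsed.path.startswith(BASE_PATH) and parsed.path.endswith(EXTENSION):
            return "gozi_c2_beacon"
        return "gozi_c2_domain"  # C2 domain with an unexpected URI; still review
    return None


def hunt(log_text):
    """Return (timestamp, client, label, url) for every matching log line."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the sweep
        ts, client, _method, url, _status, _size = m.groups()
        label = classify(url)
        if label:
            hits.append((ts, client, label, url))
    return hits


def infected_hosts(hits):
    """Clients showing the full chain: dropper download followed by C2 beacons."""
    labels_by_client = {}
    for _ts, client, label, _url in hits:
        labels_by_client.setdefault(client, set()).add(label)
    return sorted(
        client
        for client, labels in labels_by_client.items()
        if "gozi_dropper_download" in labels and "gozi_c2_beacon" in labels
    )


if __name__ == "__main__":
    found = hunt(SAMPLE_LOG)
    for hit in found:
        print(*hit)
    print("full chain on:", infected_hosts(found))
```

Matching the dropper by exact URL keeps a legitimate PuTTY download from a different host out of the results, while anything touching the C2 domain is flagged even when the URI does not fit the expected base_path/extension pattern, since the config fields can change between builds.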
